VPN load balancing not working correctly

I have two vpn3030s configured for load balancing. They appear to recognize one another as the correct vpn(priority 10) appears to be the master. The slave however keeps getting an error message i the log "LBSSF master peer[205.172.49.252] is not answering HELLO".
He appears to timeout the master and switch himself to master where he immediately sees the master and goes back to slave. I am not sure the address above is correct for the error message, 205.172.49.252 is the virtual IP shared by both concentrators. I would expect to see hellos sent and received between the two physical interfaces. Any ideas? I am getting a buffer error on the master as well so all this may be memory related. Not sure at this point.
Johnny

it may be due to IP conflict.
also check this bug-id:CSCds70213.
Try these links for more info:
http://www.cisco.com/warp/public/471/vpn3k-conn.html
http://www.cisco.com/warp/public/471/ld_bl_vpn3000_7602.html

Similar Messages

  • RV042 Load Balancing not working correctly?

    We have an RV042 on firmware version 1.3.13.02 and 2 ISPs:
    WAN1 = Telepacific T1
    1.5Mbps down and 1.5Mbps up
    WAN2 = AT&T U-Verse
    12Mbps down and 5Mbps up
    I have it set to Load Balance, Primary WAN = WAN2
    Network Service Detection enabled, only pinging the Remote Host of 4.2.2.2 and set to Generate Log
    Bandwidth is set to:
    WAN1 = 1000Kbps upstream & downstream
    WAN2 = 5040Kbps upstream & 12000Kbps downstream
    It seems to pick WAN1 a lot of the time.  Do I have something setup wrong?

    Ok, so what do you recommend? To setup binding for ports important to direct over say… WAN1 (my fast access) shall I also keep the bandwidth management set up as is, example:
    For me it’s confusing because this config appears to be clear to me that has to control traffic the way I want .
    Thanks for your response.
    H Aragon
    De: jasbryan
    Enviado el: lunes, 20 de febrero de 2012 03:18 p.m.
    Para: HECTOR MANUEL ARAGON
    Asunto: - Re: RV042 Load Balancing not working correctly?
    Home
    Re: RV042 Load Balancing not working correctly?
    created by jasbryan in Small Business Routers - View the full discussion

  • Load balance not work,still sending new connects to node at100% CPU usage

    Trying to verify that Oracle RAC load balancing ( using Load Balance Advisor and services) is working before I recommend changes to a production RAC DB.
    Even though I bury (100%CPU usage) one of 2 nodes ,new connections(using a new service I created and set GOAL=SERVICE_TIME and CLB_GOAL = SHORT ) still connecting there.( connection split stays at 50/50) . Any ideas why ?
    nodes are HP Itanium ( hpux 11.23) , database version is 10.2.0.5
    There are 2 RAC databases on this cluster (one TEST and one Model Office)
    srvctl config service -d gdrm -s BATCHQ_GDRM_SERVICEBATCHQ_GDRM_SERVICE PREF: gdrm1 gdrm2 AVAIL:

    Hi Dan,
    you will have to point all your systems to the Web Dispatcher in the SLD. If you don't do this, the browser will always retrieve the URL to the central instance, bypassing the Web Dispatcher. After you configured as the system to contact the Web Dispatcher, the browser will receive the URL of the Web Dispatcher and send the request to the Web Dispatcher.
    On the Web Dispatcher, you'll have to configure an appropriate rule to handle that request. You can use 1 IP and different ports. Each port means another system. Or several virtual IPs and the same/different port.
    IP1:8001 -> WD -> BI 1
    IP1:8002 -> WD -> BI 2
    or
    IP1:8001 -> WD -> BI1
    IP2:8002 -> WD -> BI2
    In this case, you can keep the flexibility of using several backend systems with different names/IPs/Ports and one Web Dispatcher.
    For refence, you can consult the following 2 documents:
    General Information about how to use Web Dispatcher:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/8105db90-0201-0010-cfbe-ae94d43e2e48
    How to implement Web Dispatcher as a single point of entrance
    p. 40-42: "
    Internet Connectivity to SAP Applications.pdf"
    (Unfortunatly, I'm right now not able to locate this document again in SDN, but it exists somewhere. Good luck!)
    br,
    Tobias

  • Clientless VPN and Java not working correctly

    In a recent discovery we found that the newest version of java will not work with our Cisco SSLVPN setup
    We are using an ASA5510 with 8.0.4 IOS version and 6.1.3 ADSM version and most users use an mstsc.exe smart tunnel to rdp into our terminal server farm.
    Our laptops are being imaged with Java 6 update 3 (this works fine) then upgraded to Java 6 update 11, after which the smart tunnel appears to launch but a connection cannot be established. Reinstalling the older version of Java resolves the problem.
    I was wondering if anyone else has encountered a similar problem and found a workaround. Currently, company equipment is not being upgraded to the latest version of Java but personal equipment is a different story.

    To get the old downloader back follow the directions below.
    # In the [[Location bar autocomplete|Location bar]], type '''about:config''' and press '''Enter'''. The about:config "''This might void your warranty!''" warning page may appear.
    # Click '''I'll be careful, I promise!''', to continue to the about:config page.
    # Filter '''browser.download.useToolkitIT'''.
    # Double click and '''make sure it says true.'''
    # You now have the classic downloader back! Yay!
    Any issues or confused?
    * http://kb.mozillazine.org/About:config

  • Sticky load balancing not working  because of Address Translation

              This came up before - see below. I don't understand what the
              soltion is/was.
              WL Server puts it's ip address in the WebLogicSession cookie
              which is an internal address 192.168.201.41
              WL proxy knows WL Server only by an external address like 139.141.38.21. Since
              it does not know of any WLS with an IP
              address of 192.168.201.41, it round-robins the request instead
              of sending it to the primary WLS.
              Any help is much appreciated.
              Mike Reiche
              Robert Patrick <[email protected]> wrote:
              >Hi,
              >
              >A very typical configuration is to put the web server in the DMZ (i.e.,
              >between
              >an outer and inner firewall) and proxy the requests from the web server
              >to the
              >WebLogic server (which sits behind the inner firewall). Since all of
              >these
              >proxied requests use HTTP and a single port, the only port that needs
              >to be
              >opened in the inner firewall is an HTTP port (the outer firewall will
              >only need
              >an HTTP and/or HTTPS port opened).
              >
              >Hope this helps,
              >Robert
              >
              >Eytan Ben-Meir wrote:
              >
              >> Thanks Patrick,
              >>
              >> May be you can suggest options for securing a WLS behind a firewall?
              >>
              >> Thanks again,
              >>
              >> Eytan
              >>
              >> Robert Patrick wrote:
              >>
              >> > Hi,
              >> >
              >> > The problem is that we encode location information (e.g., IP address(es))
              >> > in the session id. If the plugin sees a session id, it decodes the
              >> > session id to find out where to route the request (i.e., which server
              >in
              >> > the cluster contains the HttpSession object for that session). Since
              >the
              >> > plugin cannot find the machine whose IP address is encoded in the
              >session
              >> > id (because of the network address translation), this will not work.
              > In
              >> > general, distributed application software needs to be modified to
              >be
              >> > capable of handling network address translation -- to my knowledge,
              >> > WebLogic Server has not been modified to support this feature (though
              >the
              >> > Enterprise version of the product has had this support for years).
              >> >
              >> > Hope this helps,
              >> > Robert
              >> >
              >> > Eytan Ben-Meir wrote:
              >> >
              >> > > Hi,
              >> > >
              >> > > Configuration:
              >> > > WLS 4.5.1 on Solaris 2.7 inside a firewall.
              >> > > SonicWall firewall with NAT (Network Address Translation).
              >> > > Netscape Enterprise Server 4.0 outside the firewall with Weblogic
              >> > > NSAPI-BRIDGE (sp 5)
              >> > >
              >> > > The problem:
              >> > > When a browser request is sent to the NE web-erver (directed to
              >the
              >> > > firewall who then redirects to a Weblogic servlet).
              >> > > IF The servlet creates a httpsession (with or without cookies)
              >the
              >> > > request fails (the firewall blocks a request directed directly
              >at the
              >> > > non-routable ip address of the Weblogic machine inside the firewall.
              >> > > IF on the other hand the servlet does not create a http session,
              >all
              >> > > works fine.??????????
              >> > > Does any body know something about this????
              >> > >
              >> > > Thanks,
              >> > >
              >> > > Eytan
              >
              

              This isn't my problem.
              "Mike Reiche" <[email protected]> wrote:
              >
              >This came up before - see below. I don't understand what the
              >soltion is/was.
              >
              >WL Server puts it's ip address in the WebLogicSession cookie
              > which is an internal address 192.168.201.41
              >
              >WL proxy knows WL Server only by an external address like 139.141.38.21.
              > Since
              >it does not know of any WLS with an IP
              >address of 192.168.201.41, it round-robins the request instead
              >of sending it to the primary WLS.
              >
              >Any help is much appreciated.
              >
              >Mike Reiche
              >
              >Robert Patrick <[email protected]> wrote:
              >>Hi,
              >>
              >>A very typical configuration is to put the web server in the DMZ (i.e.,
              >>between
              >>an outer and inner firewall) and proxy the requests from the web server
              >>to the
              >>WebLogic server (which sits behind the inner firewall). Since all of
              >>these
              >>proxied requests use HTTP and a single port, the only port that needs
              >>to be
              >>opened in the inner firewall is an HTTP port (the outer firewall will
              >>only need
              >>an HTTP and/or HTTPS port opened).
              >>
              >>Hope this helps,
              >>Robert
              >>
              >>Eytan Ben-Meir wrote:
              >>
              >>> Thanks Patrick,
              >>>
              >>> May be you can suggest options for securing a WLS behind a firewall?
              >>>
              >>> Thanks again,
              >>>
              >>> Eytan
              >>>
              >>> Robert Patrick wrote:
              >>>
              >>> > Hi,
              >>> >
              >>> > The problem is that we encode location information (e.g., IP address(es))
              >>> > in the session id. If the plugin sees a session id, it decodes
              >the
              >>> > session id to find out where to route the request (i.e., which server
              >>in
              >>> > the cluster contains the HttpSession object for that session).
              >Since
              >>the
              >>> > plugin cannot find the machine whose IP address is encoded in the
              >>session
              >>> > id (because of the network address translation), this will not work.
              >> In
              >>> > general, distributed application software needs to be modified to
              >>be
              >>> > capable of handling network address translation -- to my knowledge,
              >>> > WebLogic Server has not been modified to support this feature (though
              >>the
              >>> > Enterprise version of the product has had this support for years).
              >>> >
              >>> > Hope this helps,
              >>> > Robert
              >>> >
              >>> > Eytan Ben-Meir wrote:
              >>> >
              >>> > > Hi,
              >>> > >
              >>> > > Configuration:
              >>> > > WLS 4.5.1 on Solaris 2.7 inside a firewall.
              >>> > > SonicWall firewall with NAT (Network Address Translation).
              >>> > > Netscape Enterprise Server 4.0 outside the firewall with Weblogic
              >>> > > NSAPI-BRIDGE (sp 5)
              >>> > >
              >>> > > The problem:
              >>> > > When a browser request is sent to the NE web-erver (directed to
              >>the
              >>> > > firewall who then redirects to a Weblogic servlet).
              >>> > > IF The servlet creates a httpsession (with or without cookies)
              >>the
              >>> > > request fails (the firewall blocks a request directed directly
              >>at the
              >>> > > non-routable ip address of the Weblogic machine inside the firewall.
              >>> > > IF on the other hand the servlet does not create a http session,
              >>all
              >>> > > works fine.??????????
              >>> > > Does any body know something about this????
              >>> > >
              >>> > > Thanks,
              >>> > >
              >>> > > Eytan
              >>
              >
              

  • Session replication in oc4j load balancing not working ..

    Hi All,
    I have windows 2000 machine. I have installed 2 instances of oc4j running on ports 8888 and 8889. I started the loadbalancer.jar in the first instance, started the first oc4j instance and then started the second oc4j instance. I have a common application deployed on both instance1 and instance2 and that is nothing but out famous SessionServlet.
    If I access this servlet using http://localhost:80/app/servlet/SessionServlet then I am getting a count as 1 . My loadbalancer that is started from first oc4j instance(running on port 8888) is showing that the request is routed to the first instance. I stopped my first instance1 and then again from the same browser/session/client if I access the same servlet using http://localhost:80/app/servlet/SessionServlet then still I am seeing the count as 1 instead of 2 . At this point my loadbalancer is showing that the request is routed to the second oc4j instance(running on port 8889) since first instance is stopped. So why am I seeing the count as 1 instead as 2.
    Also,
    1. Is it enough that we start the loadbalancer.jar in the first oc4j instance. What about the loadbalancer.jar in the second oc4j instance ?
    2. We all know that Apache HTTP Server runs on port 80. But since I didnt[i]Long postings are being truncated to ~1 kB at this time.

    thank you debu, I have one doubt . In the clustering/load-balancing documentation at metalink(doc id: 151717.1) it is said that in point 4b that we should add the tag <cluster-config /> to orion-web.xml file but this file will be created only after the web application is deployed and it is accessed atlest for one time. So is it that we should first deploy the web application and then access it for atlest one time then stop the server and add this tag .. or is there any other way workaround ?

  • INSERT Loading Type not working correctly?

    Hi,
    I'm using ver. 9.2.0.2.8 for the owb client, and ver. 9.2.0.2 for the repository. I'm currently encountering this problem when using the INSERT loading type for loading data into one of my staging tables. It's a simple simple mapping really:
    I have a source table (A) that maps to a filter operator, which is then mapped to a staging table(B).
    The problem is, when I run the mapping to INSERT data from A into an already populated B, not all the desired records are inserted. Weird thing is, when I run the code from generating the intermediate result in TOAD or whatever, I get the desired results. So that kinda rules out any doubts on the select statement generated by OWB.
    Out of 23 records I get like 6.. just 6 of the 23 records I was hoping to be inserted into B.
    And yes, none of the remaining 17 records are present in A, so INSERT should (ideally) work fine and carry out inserting all the 23 records.
    Any ideas? ..

    Hi JP,
    Thank you very much for helpin out, I tried what you told me and here's what I got:
    Starting Execution STG_MAP_FILTER_DCS_IRREG
    Starting Task STG_MAP_FILTER_DCS_IRREG
    ORA-12801: error signaled in parallel query server P012
    ORA-02291: integrity constraint (RTOWNER.FK_RTER_RTA) violated - parent key not found
    ORA-06512: at "RTOWNER.WB_RT_MAPAUDIT", line 338
    ORA-01403: no data found
    ORA-06512: at "RTOWNER.WB_RT_MAPAUDIT", line 1736
    ORA-06512: at "RTOWNER.WB_RT_MAPAUDIT", line 2625
    ORA-06512: at "TOPSSTAGE.STG_MAP_FIL_R_TGT0_719337", line 1443
    ORA-06512: at "TOPSSTAGE.STG_MAP_FIL_R_TGT0_719337", line 2076
    ORA-06512: at "TOPSSTAGE.STG_MAP_FILTER_DCS_IRREG", line 482
    ORA-06512: at "TOPSSTAGE.STG_MAP_FILTER_DCS_IRREG", line 813
    ORA-06512: at line 1
    Completing Task STG_MAP_FILTER_DCS_IRREG
    Completing Execution STG_MAP_FILTER_DCS_IRREG
    ..I wonder what it means, hehe.

  • Network Load Balancing not working with UDP traffic (Server 2012)

    Hi all,
    I manage an application that receives traffic from mobile devices on cellular networks. The traffic is UDP. I have set up two x Server 2012 VMs to form part of a NLB cluster. Each server has a second NIC dedicated to NLB. The traffic is simply NATed from
    our firewalls to the virtual IP. When looking at the traffic using a packet sniffer, I can see the traffic being routed correctly to the virtual IP, but the problem is that the return traffic is sent from the IP address on the actual NIC. My application does
    not like the fact that the return traffic is coming from a different source IP. Is there any way to force the return traffic to also come from the virtual IP address?
    Thanks!

    Hi
    NLB return traffic for UDP would come from the node IPs.
    You could use NAT on your firewalls so they come from the same public IP.
    Otherwise you'd be looking at something other than MS NLB.
    Cheers
    GF

  • Load balance not working right with jdbc connection string?

    For months we've used the following connection string to get Tomcat to open connections to our Oracle 10g RAC:
    jdbc:oracle:thin:@(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST
    = db1vip) (PORT = 1521)) (ADDRESS = (PROTOCOL = TCP) (HOST = db2vip)
    (PORT = 1521)) (LOAD_BALANCE = yes) (CONNECT_DATA = (SERVER = DEDICATED)
    (SERVICE_NAME = orcl) (PREFER_LEAST_LOADED_NODE_ORCL = OFF) ) )
    Today, db2 became inaccessible during prime time, and the web app completely hung--when you tried to type in a username and password to log into the site, it would just hang indefinitely, and the Tomcat log files were complaining about being unable to open a connection to the database because of a network adapter error.
    I would have expected the JDBC driver Tomcat was using to just switch to the other database server, but none of our Tomcat machines did that, and I'm wondering why (they all just hung trying to connect to db2). Our guess is that the difference this time is not that Oracle was down on db2, but that db2 was down entirely. Maybe that connection string works only if the server is up when the database is down, and not when the server is unreachable (we couldn't SSH to the box, and when we tried to get to it locally using a remote access card, a lot of options were grayed out and we couldn't see a shell, so all we could do was reset the box).

    Hi,
    Please refer to the link below:
    SCOM 2012 – Monitoring Oracle Database OLE DB Management Pack Template
    http://stefanroth.net/2012/12/05/scom-2012-monitoring-oracle-database-ole-db-management-pack-template/
    Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Load balancer not working on R12 shared appltop

    We have upgraded from 11.5.10.2(shared application tier) to R12 and modified the context file.still we are not able to access the login page and error log showing below messages.Please let me know,if you have any idea about this errors?.
    File does not exist: /u2596/oracle/oaq/inst/apps/oaq_qnalx799/portal/oa_servlets/oracle.apps.fnd.test.HelloWorldServlet
    Edited by: rag100mn on May 11, 2009 4:18 PM

    Hi,
    Can you find more details about the error in error_log and access_log files (under $LOG_HOME/ora/10.1.3/Apache directory)?
    Regards,
    Hussein

  • Windows Network Load Balancing not working

    OS: Windows Server 2008 R2
    Tested in our environment both are able to talk to each other. One will be converged as DEFAULT and another will be just converged.
    When deployed at Customer site, Server1 is converged as Default as seen in Server1.
    Server 2 is converged as Default as seen in Server 2.
    Server1 and 2 are in the same subnet and have no firewalls in between. (They seem unable to detect each other)
    NLB Configurations is using multicast.
    Would like to know how to resolve this issue.

    Hi,
    First, please try to ping each other with FQDN on the servers.
    Also, please make sure that the servers are connected to a layer2 switch or hub.
    To verify if this issue is caused by the misconfigure of the network device, pleae try to connect these servers to a hub for the test.
    Besides, is there any warning or error related to this issue in the event viewer of these servers?
    Here is a troubshooting guide for NLB, it may be helpful,
    http://technet.microsoft.com/en-us/library/cc732592.aspx#BKMK_N
    Best Regards.
    Steven Lee
    TechNet Community Support

  • VPN load balancing and ASA !!!

    Hi netpros,
    I have a couple of questions about this and hope you might be able to assist me.
    1.- Are VPN load balancing and failover (Active/Active) mutually exclusive ..? I mean they can't be used at the same time correct ..?
    2.- How does the ASA handle the return traffic from the Internal LAN towards the remote client .. Because the cluster only requires ONE public virtual IP address, which will work for incoming packets .. but what about the return traffic which has knowledge of the DHCP scope's default gateway IP address only .. ? How gets the returned packet redirected from the default gateway IP address to the respective ASA internal IP address .?
    3.- VPN load balancing only applies to remote clients using easy VPN technology (easy vpn client, hardware client , pIX using easy vpn client etc ) and does not work with static LAN-LAN tunnel .. correct ..?
    Your comments are much appreciated

    Hi Gilbert ..
    1.- Thanks I wanted to make sure.
    2.- I know that .. my question is in regards the return packets .. for example if I have the below IP schema:
    ASA1: Public 20.20.20.20
    Private 192.168.1.1
    ASA2: Public 20.20.20.21
    Private 192.168.1.2
    Cluster virutal IP: 20.20.20.10
    Default gateway for segment 192.168.1.0 is 192.168.1.1
    Let's say that a vpn client tries to connect and the cluster instructs the client to connect to ASA2 20.20.20.21. The packets reach the internal server at 192.168.1.100. The internal server then sends the return packets back to the client by forwarding them to its default gateway which is 192.168.1.1 (ASA1). Here is my question .. how does the cluster handles this because the return packet are supposed to be directed to ASA2 192.168.1.2
    3.- Any idea about this one ..?
    Cheers,

  • ASA 5520 VPN load balancing with Active/Standby failover on 2 devices only...

    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin-top:0in;
    mso-para-margin-right:0in;
    mso-para-margin-bottom:10.0pt;
    mso-para-margin-left:0in;
    line-height:115%;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;}
    This topic has been beat to death, but I did not see a real answer. Here is configuration:
    1) 2 x ASA 5520, running 8.2
    2) Both ASA are in same outside and inside interface broadcast domains – common Ethernet on interfaces
    3) Both ASA are running single context but are active/standby failovers of each other. There are no more ASA’s in the equation. Just these 2. NOTE: this is not a Active/Active failover configuration. This is simply a 1-context active/standby configuration.
    4) I want to share VPN load among two devices and retain active/standby failover functionality. Can I use VPN load balancing feature?
    This sounds trivial, but I cannot find a clear answer (without testing this); and many people are confusing the issue. Here are some examples of confusion. These do not apply to my scenario.
    Active/Active failover is understood to mean only two ASA running multi-contexts. Context 1 is active on ASA1 Context 2 is active on ASA2. They are sharing failover information. Active/Active does not mean two independently configured ASA devices, which do not share failover communication, but do VPN load balancing. It is clear that this latter scenario will work and that both ASA are active, but they are not in the Active/Active configuration definition. Some people are calling VPN load balancing on two unique ASA’s “active/active”, but it is not
    The other confusing thing I have seen is that VPN config guide for VPN load balancing mentions configuring separate IP address pools on the VPN devices, so that clients on ASA1 do not have IP address overlap with clients on ASA2. When you configure ip address pool on active ASA1, this gets replicated to standby ASA2. In other words, you cannot have two unique IP address pools on a ASA Active/Standby cluster. I guess I could draw addresses from external DHCP server, and then do some kind of routing. Perhaps this will work?
    In any case, any experts out there that can answer question? TIA!

    Wow, some good info posted here (both questions and some answers). I'm in a similar situation with a couple of vpn load-balanced pairs... my goal was to get active-standby failover up and running in each pair- then I ran into this thread and saw the first post about the unique IP addr pools (and obviously we can't have unique pools in an active-standby failover rig where the complete config is replicated). So it would seem that these two features are indeed mutually exclusive. Real nice initial post to call this out.
    Now I'm wondering if the ASA could actually handle a single addr pool in an active-standby fo rig- *if* the code supported the exchange of addr pool status between the fo members (so they each would know what addrs have been farmed out from this single pool)? Can I get some feedback from folks on this? If this is viable, then I suppose we could submit a feature request to Cisco... not that this would necessarily be supported anytime soon, but it might be worth a try. And I'm also assuming we might need a vip on the inside int as well (not just on the outside), to properly flip the traffic on both sides if the failover occurs (note we're not currently doing this).
    Finally, if a member fails in a std load-balanced vpn pair (w/o fo disabled), the remaining member must take over traffic hitting the vip addr (full time)... can someone tell me how this works? And when this pair is working normally (with both members up), do the two systems coordinate who owns the vip at any time to load-balance the traffic? Is this basically how their load-balancing scheme works?
    Anyway, pretty cool thread... would really appreciate it if folks could give some feedback on some of the above.
    Thanks much,
    Mike

  • Text formatting in Numbers is not working correctly.

    In Numbers on Chrome text formatting is not working correctly, it's almost as if a CSS file is not being loaded. To be precise, when I try to make a cell Bold there is no bolding. I am using Arial as a font. This has been an issue on Mac and Windows. Any ideas?

    Do you have the same problem with Safari or Firefox?

  • Having an issue with vpn load balancing certificate on the vip

                       Hi all,
    I am setting up vpn load balancing in a lab. I have two asa's running 8.6. I created a ucc cert from our internal CA  that has the vip as the CN in the cert and the two ASA's themselves as subject alternative names. I used open ssl to create the request. In each asa I am using encryption between the ASA's to encrypt the psk's. Since this is a lab and I do not have the DNS servers at my disposal I've added the hostnames and addresses of each ASA to the config in the ASA's. The problem I have is that when I connect to the vip I get a cert error saying the cert doesn't match the name on the site. See below:
    "The security certificate presented by this website was issued for a different website's address."
    I have a hostfile on my lab pc connected directly to the outside of the ASA that can resolve the name of the vip but when I browse to the vip I get the cert error. If I click proceed anyway the asa redirects me and the page opens without error on one of the two ASA's.
    Does any one know what the CN of the cert should be for vpn load balancing. I thought the CN would be the vip but sometinhg is not right.
    Any help is appreciated.
    Thanks.

    Issue resolved. Switched the order of the trustpoints on the outside and vpn load balance.

Maybe you are looking for

  • I synced  my ipod not knowing my daughter had "her" acct logged in!  Now it only pulls up her Apple Id and I've restored it and everything!?  Still her ID

    My ipod was giving me fits after updating it!  So I synced it to my computer not knowing that my daughters acct. was logged into!?  Anyhoo, now it has her apple ID on my ipod touch and I can't get it to remove!?  I've restored it and everything?  I d

  • Defining paths in scripts..... in need of a guru

    Here's a problem that Bridge scripts are having... If you have a volume named Users, the image processor, 1-2-3, AOM scripts won't run because as the paths are defined they will look in the volume "User" not the folder "Users" for files etc.... it's

  • Does ACR write to original file?

    I read the following: "When you make adjustments to an image in Camera Raw, such as straightening or cropping, PhotoShop and Bridge preserve the original file data. This way you can edit the image as you desire, export the edited image, and keep the

  • Showing the thumbnail view of the uploaded image

    Hello Experts, I am developing a website in jsp, where i have a module for patron uploading their photo into the server. After a lot of gooling and searches in this site, i found code to upload the image and it uploads perfectly into the specified fo

  • RR Queues

    Hi..   What do u mean BY RR Queue? i know it is replication and reallignment queue..     But whats the need of this one? is it related to data flow with mobile..?       2) what do u mean LUW's? logical unit of work....?what is the significance of thi